package com.nhjf.admin.common.filter;

import com.nhjf.admin.common.util.StringUtil;
import com.nhjf.admin.common.util.SysProperties;
import com.nhjf.common.util.xss.JsoupXssHtml;
import org.apache.commons.lang.StringUtils;
import org.jsoup.Jsoup;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Vector;


public class SensitiveCharsFilter implements Filter{

	@Override
	public void destroy() {
		// TODO Auto-generated method stub
		
		
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		// TODO Auto-generated method stub
		HttpServletRequest hreq = (HttpServletRequest) request;
		if(hreq.getServletPath().indexOf("/helpInfo/execute") >= 0) {
			chain.doFilter(request, response);
		}
		HttpServletResponse hres = (HttpServletResponse) response;
		hreq.setCharacterEncoding("UTF-8");
		
		boolean ok = true;
		boolean csair = true;
		hres.setHeader("SET-COOKIE", "JSESSIONID=" + hreq.getSession().getId() + "; Path=" + hreq.getContextPath() + "; HttpOnly");

		/*	Enumeration<String> e = hreq.getParameterNames();

		while (e.hasMoreElements()) {
			String name = (String) e.nextElement();
			if (!Validator.isSafe(request.getParameter(name))) {
				ok = false;
				break;
			}
		}*/

//		String referer = hreq.getHeader("REFERER");
		
		String method = hreq.getMethod();
		
//		if ("POST".equals(method)) {
//			csair = Validator.isCsair(hreq);
//		} else {
//			csair = true;
//		}
		
		if ( csair) {
//			chain.doFilter(new MyRequestWrapper((HttpServletRequest) request),
//					response);
			chain.doFilter(new HttpServletRequestWrapper(hreq) {
				@Override
				public String getParameter(String name) {
					String value = super.getParameter(name);
//					return filter(this, value);0
//					return Validator.filter(value);
					//针对富文本里面以及所有string里面的非白名单的脚本一律清理Jsoup.clean
					//还原尖括号，然后交给jsoup进行白名单过滤
					if (StringUtils.isNotBlank(value)) {
						value = value.replaceAll("&lt;", "<");
						value = value.replaceAll("&gt;", ">");
						value = Jsoup.clean(value, JsoupXssHtml.user_content_filter);
					}
					return value;
				}
				@Override
				public String[] getParameterValues(String name) {
					String[] values = super.getParameterValues(name);
					if (values == null) {
						return null;
					}
					for (int i = 0; i < values.length; i++) {
//						values[i] = Validator.filter(values[i]);
						//针对富文本里面以及所有string里面的非白名单的脚本一律清理Jsoup.clean
						//还原尖括号，然后交给jsoup进行白名单过滤
						if (StringUtils.isNotBlank(values[i])) {
							values[i] = values[i].replaceAll("&lt;", "<");
							values[i] = values[i].replaceAll("&gt;", ">");
							values[i] = Jsoup.clean(values[i], JsoupXssHtml.user_content_filter);
						}

					}
					return values;
				}
			}, response);
		} else {
			hres.sendRedirect(SysProperties.getInstance().get("contextPath")+"/login");
//			hres.sendRedirect("http://czshop.csair.com");
		}
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
		
	}

}
